2021-12-27

How to build CyberChef

CyberChef. The Cyber Swiss Army Knife.

A web app for encryption, encoding, compression and data analysis.

  • Always wanted to build the latest version of CyberChef?
  • Struggled with Node versions and other weird dependencies?
  • Did grunt dev and grunt prod fail with cryptic error messages?
  • Are you a noob with node (like me)?

Well, then at least there's two of us...

 



Building CyberChef

CyberChef works best with Node version 10 now with 16 :), back then my first mistake was to (naïvely) expect it to be able to build with a later version, like the one in the Debian repositories. Should've read the simple installation instructions found here [1].

Things started looking a little better after that, however stupid little things like having to implement a fix for fixCryptoApiImports because it is hard-coded to use /bin/sh (which is now in /usr/bin/sh for Debian based distros) still broke the build.
 
Anyhoo.
The idea was to build a build system, then use the CyberChef Build built on that build system on a web-server or container without all the development pieces. The simplified flow for this ended up being like this:
 

 

My dev and test environments are based on Debian 11 (Bullseye), Vagrant, and VirtualBox - mainly because I have to pay for it myself, but also because it is possible to spin up test environments in minutes - even for Elastic / OpenStack clusters - but not least for purposes of creating a build server with an old obscure version of Node. Like required for CyberChef.

Result

The final thing now spins up a development/build server called Charpentier which will build the latest version of CyberChef copying it to the Virtual Host in the ./CyberChef directory. You can either choose to let Vagrant continue installing the web-server called "Cyberchef", which will copy the newly created build and use that. Or you could manually copy the build created on "Charpentier" to your own web-server (red dotted line) and configure that manually, the script "other_webserver.sh" provided might be helpful in getting NGINX installed, with a self-signed certificate.

Logging in to the Server and/or the Website

The bootstrap script adds the public SSH key I use in that testlab. The installation disables the Vagrant user and adds another Linux user called "cyberchef" with a randomly generated password
It is also possible to enable basic authentication for NGINX, thus requiring credentials for accessing CyberChef. However, this is commented out. Uncomment "configure_nginx_auth" towards the bottom of the "main" routine to enable this.
Information about credentials created during installation can be found in /var/lib/cyberchef/ please delete these files after you have added the passwords to your password manager, you should probably change the passwords too.

Prerequisites

All you need for this is Debian, Vagrant, and VirtualBox. This should also run on VMWare, however this is not tested, so please provide feedback when/if you test that.
  1. Install your preferred Linux distro (this should also run on a Mac or Windows system) then proceed to install;
  2.  VirtualBox (or VMWare, but as stated; not tested yet)
  3. Vagrant
After all prerequisites are in place, proceed and run the following.
 
  1. git clone https://github.com/martinboller/cc-build
  2. cd cc-build
  3. vagrant up <- will bring both the build system and the web-server up
  4.  Wait...
 For further details on installation, please refer to the README [3].
 
 
Warning: If you decide to use the virtual web-server, please, please, PLEASE ensure that you remove and/or disable the Vagrant account on that. It is defaulting to vagrant/vagrant. The cc-build script does that for you now, as well as creating another user with sudo privileges and a random password (look in /var/lib/cyberchef for credentials created during installation).



 

 



No comments: